Ketryx upholds enterprise-grade security standards, validated through SOC 2 Type II. The description below provides a technical overview of our data handling and security, focusing on how customer data interacts with our optional AI and Large Language Model (LLM) features.
1. Data Flow for AI/LLM Processing
The use of AI features in the Ketryx platform is entirely optional. When enabled for tasks like document analysis or semantic search (RAG), your data follows a secure, zero-trust path:
- Secure API Call: The specific data snippet is transmitted over HTTPS to the API endpoint.
- Zero-Retention Processing: The call is directed exclusively to zero-data-retention endpoints at our LLM providers. This contractually guarantees your data is never stored by the LLM provider or used for model training. It is used only for the immediate API transaction.
- Secure Return: The result (e.g., a summary or vector embedding) is returned to Ketryx and stored entirely within your secure environment. The original data snippet does not persist outside Ketryx.
This process ensures your data remains protected from long-term storage or training use by any third-party model provider.
2. Audit, Monitoring, and Logging
As validated by our SOC 2 Type II report, Ketryx employs comprehensive controls for platform security and integrity:
- Monitoring & Alerting: We monitor infrastructure for suspicious activity (CC7.1) and use automated alerts to ensure timely investigation by our personnel.
- Incident Response: A formal, annually tested Incident Response Policy (CC7.4) ensures an effective and orderly response to any security incidents.
These controls provide continuous oversight and active protection for your data.